Re: basic captcha

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Simon Schick <simonsimcity@xxxxxxxxxxxxxx> wrote:

>Hi, all
>
>When you ask for a captcha, I'd first ask what do you want to use it
>for.
>If you read the first lines of Wikipedia it has been developed to
>differ
>between a real user and a bot.
>
>If you'd now say that you want to use it to protect spam in a formula
>I'd
>give you the same explanation that you can find here in german (in a
>bit
>more text): http://www.1ngo.de/web/captcha-spam.html
>The author of this link says that captchas are not efficient enough and
>give a new unnecessary barrier to all users. He also declaims that bots
>nowadays are better than ever and can even read captchas that many
>humans
>are not able to read.
>For this reason he provides a list of extra stuff that you can use to
>protect your formula against spam instead of a picture that's text
>should
>be written in an input-field.
>
>One of those is the honey-pot. You simply create an additional field
>(f.e. *
>email2*) hide it for most visitors (using *css*) and ignore the comment
>if
>there's text in here. As most of the bots cannot read css they'll fill
>a
>valid email-address in here :) But then you also have to think about
>users
>that have css disabled f.e. *ScreenReader*. Another disadvantage of
>this
>issue is that you can use an auto-field-fill mechanism provided by the
>browser who could fill this field ... But both cases should not be that
>difficult. For the screenreder you can change the label for the field
>to
>look like *Do not paste your email in here. Just leave it empty.* Just
>to
>have the word email again in here ;)
>
>Another good thing is to think about how fast this form can be
>submitted
>when the user enters the formula for the first time. Also think about
>the
>second time, when the user as entered some wrong values and you have to
>show him a message.
>If you have a formula that contains more than 5 fields it's quite
>unusual
>that the user can submit that below 2 sec after receiving the response.
>You
>could even add a feature by using javascript that the user cannot
>submit
>this form or his request will be delayed for a view seconds (one or
>two).
>
>If you want to know more about that, out there are plenty of plugins
>for
>different systems where you can see what other possibilities you have.
>One
>extension i like is the one from TYPO3. They have quite a bunch of such
>things and you can give each of the checks a value. If the sum of the
>values of the failing tests reaches a configured level, this
>form-submission will be rejected.
>http://typo3.org/extensions/repository/view/wt_spamshield/current/
>
>Wordpress: http://antispambee.de/
>
>Bye
>Simon
>
>2012/2/17 Savetheinternet <savetheinternet@xxxxxxxxxxxxx>
>
>> On Fri, Feb 17, 2012 at 3:40 PM, Donovan Brooke <lists@xxxxxxx>
>wrote:
>> > Hello,
>> >
>> > Does anyone know of a basic (open source or freeware) form captcha
>system
>> > for PHP?
>> >
>> > TIA,
>> > Donovan
>> >
>> >
>> >
>> >
>> > --
>> > D Brooke
>> >
>>
>> Hi,
>>
>> There are plenty of free PHP captcha scripts out there. Just google
>> "captcha PHP". Securimage (phpcaptcha.org) looks relatively okay.
>>
>> Thanks,
>> Michael
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>

I would avoid making a user type in something they see in a picture, as you've just succeeded in pissing off a bunch of blind people.

Also, avoid relying on javascript. It can be turned off, disabled, blocked and sometimes isn't available at all, such as with some speech/Braille browsers.

One popular route is to ask a question that only a human could answer. I use this method on the contact page of my site. I just ask a question such as

Multiply the number of heads a person has by the number of legs on 2 dogs.

It's easy for a human, but requires context, something a bot can't do effectively.
Thanks,
Ash
http://ashleysheridan.co.uk

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux